[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Questions on kpam-20031001

Gedaliah Wolosh <gwolosh@njit.edu> writes:

> I just built and installed the new kpam.so -- kpam-20031001 on a sparc
> solaris 9 with heimdal 0.6, krb4-1.2.2, openafs-1.2.10.

I don't know if this is the right forum for this, but I'll answer anyway.

> The good news is that this basically works. I get my afs token upon login
> with the correct permissions.
> I do not, however, get the krb4 ticket. I probably don't need it but
> since I built everything for it I would have expected to get it. Kinit
> does obtain the krb4 ticket.

I probably broke something, I never tested that code since we don't use
krb4 (execpt for windows openafs clients). I think you should continue to
not need it (and I should remove the depency on krb4 from kpam).

> Another concern is an error in the logs when an afs user logs out --

The patch below should fix that (untested)


Index: kpam.c
RCS file: /afs/su.se/services/cvs/public/cvsroot/kpam/kpam.c,v
retrieving revision 1.24
diff -u -w -r1.24 kpam.c
--- kpam.c      1 Oct 2003 01:44:52 -0000       1.24
+++ kpam.c      2 Oct 2003 01:43:18 -0000
@@ -271,6 +271,12 @@
+       if (flags == PAM_DELETE_CRED) {
+               if (hasafs)
+                       k_unlog();
+               goto out;
+       }
        if (pam_get_item(pamh, PAM_USER, (void *)&user) != PAM_SUCCESS)
            goto out;

PGP signature